To learn more about Out-of-the-box Integrations and their benefits, please refer to
this article.
In this article, you will find out how to configure Google Cloud Platform (GGP) VPC to pull and collect data from your network in the form of logs, and have it sent to Lumu to be analyzed to improve the monitoring & response capabilities of your organization.
Requirements
-
A GCP Virtual Private Cloud. To learn more, refer to the
GCP official documentation.
-
A Google Cloud project. If you do not have one, please follow the
official Google Cloud tutorial.
-
An active Lumu Defender/Lumu Insights subscription
Lumu paid customers can unlock the full power of our Out-of-the-box integrations; however, Lumu Free customers can also enjoy their benefits with a few limitations. Take a look at
our website and our documentation to learn more about our subscription tiers.
Google Cloud services allows managing APIs, adding and removing collaborators, and managing permissions for Google Cloud resources. In this section, we will see the necessary configurations we need to complete in GCP to activate the OOTB integration.
Google Cloud allows storing logs in a general storage utility per project, this means all your available DNS zones and VPCs which are part of a cloud project may generate and save different sorts of logs, including but not limited to TCP/UDP packets, DNS queries or DNS packets, that will be reflected in your logging explorer utility.
Bear in mind that two different projects will have two different logging buckets. To retrieve logs from both of them, you must set up two OOTB Lumu integrations, one per project.
Enabling logs for your VPC network
IAM configuration
It is vital to create an account key for this service account, and download it as a JSON file, you will need this later to create the OOTB.
Once added, you should see the service account in the principals' permissions details
Add Integration
To start collecting data from the GCP VPC, it is necessary to configure the Lumu integration using the values obtained in the first section of this article. Here, you will find instructions on how to configure each of these parameters.
1. Log in to your Lumu account through the
Lumu Portal and navigate to the integrations screen. Locate the GCP VPC Data Collection integration in the available apps area and click to add it. Then click to view details.
2. Familiarize yourself with the integration details available in the app description. Click the button below to add the integration.
3. Assign an identifiable name to the integration. By default, this integration will be tagged as unlabeled activity; however, you can select a label of your preference for additional visibility.
It is always recommended to assign a label to prioritize findings within the traffic of your organization. To learn more, refer to our
article about Labels.
4. Add the GPC credentials: Google Cloud Project ID and Service Account Key. These parameters were obtained in the steps of the Configure Google Cloud Projects section. Now select “Activate”.
5. The integration is now created and active. You can find the integration and some additional details by going to the Configured Apps section and looking for the available apps.